Field Analysis
The Recruiting Repo Is the Payload
A fake recruiter asking a candidate to review an MVP repo shows why unsolicited source code is not a document. It is an executable threat surface with access to developer secrets.
Tag
7 articles covering Supply Chain across campaign analysis, detection engineering, and defender tradecraft.
Field Analysis
Socket attributes a coordinated supply-chain campaign called TrapDoor to roughly thirty-four packages across npm, PyPI, and Crates.io, with ecosystem-specific execution paths and a new twist: planted .cursorrules and CLAUDE.md files designed to influence the developer's AI coding assistant.
Read more: Socket, The Hacker News
Field Analysis
A reported exploitation wave against Ghost CMS pushed malicious JavaScript onto more than 700 sites, sending visitors into fake verification flows that used ClickFix-style paste-and-run instructions.
Read more: The Hacker News, Malwarebytes Labs
Field Analysis
GitHub's staged publishing and new npm install-source controls give maintainers practical ways to slow compromised CI/CD paths before a malicious package becomes installable.
Read more: GitHub Changelog, CISA
Field Analysis
Recent actor reporting points to a practical trend line: adversaries are combining selective delivery, user-driven execution, and trusted developer channels.
Read more: The Hacker News, Dark Reading
Field Analysis
The Salesloft Drift incident showed how a trusted integration token can become an access path into customer SaaS data without a fresh user login.
Read more: The Hacker News, The Hacker News
Field Analysis
Recent package compromises show how developer trust can be abused to harvest credentials and seed downstream phishing risk.
Read more: BleepingComputer, CISA